amishra pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sentry.git
The following commit(s) were added to refs/heads/master by this push:
new 72ac123 SENTRY-2490: When building a full perm update for each object
we only build 1 privilege per role (Arjun Mishra reviewed by Kalyan Kumar
Kalvagadda)
72ac123 is described below
commit 72ac123228cb059ff5448df86ca46f1a33a6748e
Author: amishra <[email protected]>
AuthorDate: Tue Jan 29 11:15:22 2019 -0600
SENTRY-2490: When building a full perm update for each object we only build
1 privilege per role (Arjun Mishra reviewed by Kalyan Kumar Kalvagadda)
---
.../db/service/persistent/SentryStore.java | 15 +++----
.../db/service/persistent/TestSentryStore.java | 49 ++++++++++++++++++++++
2 files changed, 55 insertions(+), 9 deletions(-)
diff --git
a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
index ad5a4d0..e031ed4 100644
---
a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
+++
b/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
@@ -3147,22 +3147,19 @@ public class SentryStore implements
SentryStoreInterface {
private static Map<TPrivilegePrincipal, String>
addPrivilegeEntry(MSentryPrivilege mPriv, TPrivilegePrincipalType tEntityType,
String principal, Map<TPrivilegePrincipal, String> update) {
- String action;
- String newAction;
- String existingPriv = update.get(principal);
- action = mPriv.getAction().toUpperCase();
- newAction = mPriv.getAction().toUpperCase();
+ TPrivilegePrincipal tPrivilegePrincipal = new
TPrivilegePrincipal(tEntityType, principal);
+ String existingPriv = update.get(tPrivilegePrincipal);
+ String action = mPriv.getAction().toUpperCase();
+ String newAction = mPriv.getAction().toUpperCase();
if(action.equals(AccessConstants.OWNER)) {
// Translate owner privilege to actual privilege.
newAction = AccessConstants.ACTION_ALL;
}
if (existingPriv == null) {
- update.put(new TPrivilegePrincipal(tEntityType, principal),
- newAction);
+ update.put(tPrivilegePrincipal, newAction);
} else {
- update.put(new TPrivilegePrincipal(tEntityType, principal), existingPriv
+ "," +
- newAction);
+ update.put(tPrivilegePrincipal, existingPriv + "," + newAction);
}
return update;
}
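Review bot: `mPriv.getAction().toUpperCase()` in addPrivilegeEntry upper-cases with the JVM default locale, so under a Turkish locale an action containing `i` (for example `insert`) becomes `İNSERT` rather than `INSERT`. This string is written into the full permissions image, so a locale-dependent spelling could leave a granted action unrecognised by whatever consumes the image (the consumer is not visible in this hunk). I would pin the locale and compute the value once instead of twice: `String action = mPriv.getAction().toUpperCase(Locale.ROOT);` followed by `String newAction = AccessConstants.OWNER.equals(action) ? AccessConstants.ACTION_ALL : action;`. That needs `java.util.Locale` in the file's imports, which are outside the hunk. A one-line comment such as `// update is keyed by TPrivilegePrincipal, not by the principal name` above the lookup would help keep the original String-key mistake from coming back.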
diff --git
a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
index 202e959..62d6ea8 100644
---
a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
+++
b/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
@@ -2571,6 +2571,55 @@ public class TestSentryStore extends org.junit.Assert {
}
+ @Test
+ public void
testRetrieveFullPermssionsImageWithMultiplePrivielgesPerRolePerObject() throws
Exception {
+
+ // Create roles
+ String roleName1 = "privs-r1";
+ String groupName1 = "privs-g1";
+ String grantor = "g1";
+ sentryStore.createSentryRole(roleName1);
+
+ // Grant roles to the groups
+ Set<TSentryGroup> groups = Sets.newHashSet();
+ TSentryGroup group = new TSentryGroup();
+ group.setGroupName(groupName1);
+ groups.add(group);
+ sentryStore.alterSentryRoleAddGroups(grantor, roleName1, groups);
+
+ // Grant multiple privileges to a role on one object
+ TSentryPrivilege privilege1 = new TSentryPrivilege();
+ privilege1.setPrivilegeScope("TABLE");
+ privilege1.setServerName("server1");
+ privilege1.setDbName("db1");
+ privilege1.setTableName("tbl1");
+ privilege1.setAction("SELECT");
+ privilege1.setCreateTime(System.currentTimeMillis());
+ TSentryPrivilege privilege2 = new TSentryPrivilege();
+ privilege2.setPrivilegeScope("TABLE");
+ privilege2.setServerName("server1");
+ privilege2.setDbName("db1");
+ privilege2.setTableName("tbl1");
+ privilege2.setAction("INSERT");
+ privilege2.setCreateTime(System.currentTimeMillis());
+ TSentryPrivilege privilege3 = new TSentryPrivilege();
+ privilege3.setPrivilegeScope("TABLE");
+ privilege3.setServerName("server1");
+ privilege3.setDbName("db1");
+ privilege3.setTableName("tbl1");
+ privilege3.setAction("REFRESH");
+ privilege3.setCreateTime(System.currentTimeMillis());
+ sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE,
roleName1, Sets.newHashSet(privilege1), null);
+ sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE,
roleName1, Sets.newHashSet(privilege2), null);
+ sentryStore.alterSentryGrantPrivileges(SentryPrincipalType.ROLE,
roleName1, Sets.newHashSet(privilege3), null);
+
+ PermissionsImage permImage = sentryStore.retrieveFullPermssionsImage();
+ Map<String, Map<TPrivilegePrincipal, String>> privs =
permImage.getPrivilegeImage();
+ assertEquals(1, privs.get("db1.tbl1").size());
+ assertEquals("REFRESH,INSERT,SELECT", privs.get("db1.tbl1").get(new
TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName1)));
+
+ }
+
/**
* Verifies complete snapshot of HMS Paths can be persisted and retrieved
properly.
*/
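Review bot: The last assertion compares against the literal `"REFRESH,INSERT,SELECT"`, which pins the order in which the store happens to return the three privileges. Nothing visible in this commit guarantees that order, so the test can fail for reasons unrelated to the fix it is meant to guard. Comparing the actions as a set keeps the check on what matters for the permission image: `assertEquals(Sets.newHashSet("SELECT", "INSERT", "REFRESH"), Sets.newHashSet(privs.get("db1.tbl1").get(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE, roleName1)).split(",")));`. A second case that grants the owner action alongside another one would also cover the OWNER-to-ALL translation in addPrivilegeEntry, which this test does not exercise.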